<?php

/* Copyright (c) 2007 Alec Henriksen
 * phpns is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public Licence (GPL) as published by the Free
 * Software Foundation; either version 2 of the Licence, or (at your option) any
 * later version.
 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
 * understanding of what this license means and how to abide by it.
*/

include("inc/header.php");
$do = $_GET['do'];

	//quick permission check (redir to error)
	if ($globalvars['rank'][6] == 0) {
		header("Location: index.php?do=permissiondenied");
		die();	
	}

	if (!$do) { //just display the selection menu
		$globalvars['page_name'] = "preferences";
		$content = '
			<h3>News display options</h3>
			<div id="columnright">
				<ul>
					<li><a href="?do=sef">search engine friendly urls</a></li>
					<li><a href="?do=comments">comment options</a></li>
					<li><a href="?do=ban">ban options</a></li>
					<li><a href="?do=wizard">integration wizard</a></li>
				</ul>
			</div>
				<ul>
					<li><a href="?do=display">general display options</a></li>
					<li><a href="?do=categories">category management</a></li>
					<li><a href="?do=templates">template management</a></li>
					<li><a href="?do=rss">rss management</a></li>
				</ul>
			<h3>Editing/System options</h3>
			<div id="columnright">
				<ul>
					<li><a href="?do=themes">theme options</a></li>
					<li><a href="?do=wysiwyg">WYSIWYG editor</a></li>
					<li><a href="?do=timestamp">timestamp options</a></li>
				</ul>
			</div>
				<ul>
					<li><a href="?do=plugins">plugins</a></li>
					<li><a href="?do=image">image uploads and settings</a></li>
					<li><a href="?do=backup">database backup</a></li>
					<li><a href="?do=line">online/offline options</a></li>
				</ul>
			<h3>User options</h3>
			<div id="columnright">
				<ul>
					<li><a href="?do=user">general user options</a></li>
					<li><a href="user.php?do=ranks">rank management</a></li>
				</ul>
			</div>
				<ul>
					<li><a href="?do=dislogom">disable logging in</a></li>
					<li><a href="user.php?do=loginrec&action=delall" onClick="return confirm(\'Are you sure you want to delete all login records?\');">delete login records</a></li>
				</ul>
			
			<h3>Misc options</h3>
				<ul>
					<li><a href="?do=logging">server logging options (phpns.com)</a></li>
					<li><a href="?do=globalmessage">global message</a></li>
				</ul>';
	} elseif ($do == "categories") { //if category
		$action = $_GET['action'];
		//if create new category
		if ($action == "new") { //if new category
			$data = $_POST;
				if (empty($data['name'])) {
					$proceed = "no";
					$error_messages = '<ol class="warning"><li>A name is required for the category!</li></ol>';
				}
			//execute SQL function if no errors
			if ($proceed != "no") {
			new_category($data,$_SESSION['username']);
			unset($data);
			}
			
		} elseif($action == "deleteitems") {
			$items = $_POST; //get vars
			$move_cat = $_POST['move_cat'];
			unset($items['move_cat']);
			foreach($items as $key=>$value) { //create list of ids to be deleted
				$items_f = $items_f."'$value',";
			}
			$items_f = substr_replace($items_f,"",-1); //remove last comma in list for SQL
			$sql = "DELETE FROM categories WHERE id IN ($items_f)"; //delete all records where the id is in the list
			$res = mysql_query($sql) or die(mysql_error()); //execute
			//form sql for deletion of sub cats
			$sql_subdel = "DELETE FROM categories WHERE cat_parent IN ($items_f)"; //delete all records where the id is in the list
			$res_subdel = mysql_query($sql_subdel) or die(mysql_error()); //execute
				//move items to selected cateogry
				$sql_m = 'UPDATE articles SET article_cat="'.$move_cat.'" WHERE article_cat IN ('.$items_f.')';
				$res_m = mysql_query($sql_m) or die(mysql_query());
			header("Location: preferences.php?do=categories");
		}
		$globalvars['page_name'] = "categories";
		$globalvars['page_image'] = "preferences";
		$data['cat_list'] = gen_categories('option','top');
		$table_rows = gen_categories('row','');
		$move_selected = gen_categories('option','');
		
		$content = '
		<h3>Create new category</h3>
		<div class="form">
			'.$error_messages.'
			<form action="preferences.php?do=categories&action=new" method="post">
				<label for="name">Category name</label><input type="text" id="name" name="name" /> <input type="submit" id="submit" value="Create category" /><br />
				<label for="description">Description</label><input type="text" name="description" value="'.$data['description'].'" /><br />
				<label for="parent">Parent</label>
				<select name="parent">
					<option value="">None</option>
					<optgroup label="Categories">
					'.$data['cat_list'].'
					</option>
				</select>
			</form>
		</div>
		<h3>Category list</h3>
		<form action="preferences.php?do=categories&action=deleteitems" method="post">
			<table style="text-align: left; width: 100%;" border="1"
				 cellpadding="3" cellspacing="2">
				  <tbody>
				    <tr class="toprow">
				      <td style="width: 150px; text-align: left;"><strong>Name</strong></td>
				      <td style="width: 150px;"><strong>Parent (?)</strong></td>
				      <td><strong>Description</strong></td>
				      <td style="width: 135px"><strong>Date</strong></td>
				      <td style="width: 10px; text-align: center;"><strong><input type="checkbox" onClick="Checkall(this.form);" /></strong></td>
				    </tr>
				    '.$table_rows.'
				  </tbody>
				</table>
				<div style="text-align: right; float: right;">
				Move items from categories (that will be deleted) to: <select id="move_cat" name="move_cat" style=" margin: 0;">
					'.$move_selected.'
				</select>
			<input type="submit" id="submit" value="Delete Selected" /></div>
		</form>
		';
	
	} elseif ($do == "display") { //if displaly options
		//define page name and image
		$globalvars['page_name'] = "display options";
		$globalvars['page_image'] = "preferences";
		
			if ($_GET['action'] == "update") {
				change_config('def_limit',$_POST['def_limit']);
				change_config('def_offset',$_POST['def_offset']);
				change_config('timestamp_format',$_POST['timestamp_format']);
				change_config('def_order',$_POST['def_order']);
				$error_message = '<div class="warning">Your preferences have been saved.</div>';
			}
		
		//generate gconfig values
		$timestamp_format = load_config('timestamp_format');
		$def_offset = load_config('def_offset');
		$def_limit = load_config('def_limit');
		$def_order = load_config('def_order');
		
			if ($def_order['v1'] == "desc") {
				$def_order_display = "Descending";
			} elseif ($def_order['v1'] == "asc") {
				$def_order_display = "Ascending";
			}
		
		$content = '
			'.$error_message.'
		<h3>Display options</h3>
		<div class="form">
			<form action="preferences.php?do=display&action=update" method="post">
				<div id="columnright">
				<br />
				<label for="def_limit">Display limit</label>
					<select name="def_limit">
						<optgroup label="Selected:">
						<option selected="selected" value="'.$def_limit['v1'].'">'.$def_limit['v1'].'</option>
						</optgroup>
						<optgroup label="Choose a limit:">
						<option>1</option>
						<option>2</option>
						<option>3</option>
						<option>5</option>
						<option>10</option>
						<option>15</option>
						<option>20</option>
						<option>30</option>
						<option>50</option>
						<option>100</option>
						<option>200</option>
						<option>500</option>
						<option>1000</option>
						</optgroup>
					</select>
					<br />
				<label for="def_order">Reverse items</label>
					<select name="def_order">
						<optgroup label="Selected:">
							<option selected="selected" value="'.$def_order['v1'].'">'.$def_order_display.'</option>
						</optgroup>
						<optgroup label="Choose an order:">
						<option value="asc">Ascending</option>
						<option value="desc">Descending</option>
						</optgroup>
					</select>
					</div>
					
				<label for="def_offset">Display offset</label>
					<input type="text" name="def_offset" value="'.$def_offset['v1'].'" style="width: 50px" />
					<br />
				<label for="timestamp_format">Date format</label>
					<input type="text" name="timestamp_format" value="'.$timestamp_format['v3'].'" /> <br />(<a href="http://us2.php.net/date">date function help</a>)
					<br />
				<div class="alignr">
					<input type="submit" id="submit" value="Save" />
				</div>
			</form>
		</div>
		';
	
	} elseif ($do == "comments") { //if comment options
		//define page name and image
		$globalvars['page_name'] = 'comment options';
		$globalvars['page_image'] = 'preferences';
		
			if ($_GET['action'] == "update") {
				change_config('def_comlimit',$_POST['def_comlimit']);
				change_config('def_comorder',$_POST['def_comorder']);
				change_config('def_comenabled',$_POST['def_comenabled']);
				
				$error_message = '<div class="warning">Your preferences have been saved.</div>';
			}
		
		//generate gconfig values
		$def_comlimit = load_config('def_comlimit');
		$def_comorder = load_config('def_comorder');
		$def_comenabled = load_config('def_comenabled');
		
		if ($def_comorder['v1'] == "desc") {
				$def_comorder_display = "Descending";
			} elseif ($def_comorder['v1'] == "asc") {
				$def_comorder_display = "Ascending";
			}
			
		if ($def_comenabled['v1'] == 0) {
				$def_comenabled_display = "No";
			} elseif ($def_comenabled['v1'] == 1) {
				$def_comenabled_display = "Yes";
			}
		
		$content = '
			'.$error_message.'
		<h3>Display options</h3>
		<div class="form">
			<form action="preferences.php?do=comments&action=update" method="post">
				<div id="columnright">
				<br />
				<label for="def_comlimit">Character Limit</label>
					<select name="def_comlimit">
						<optgroup label="Selected:">
						<option selected="selected" value="'.$def_comlimit['v3'].'">'.$def_comlimit['v3'].'</option>
						</optgroup>
						<optgroup label="Choose a limit:">
						<option>50</option>
						<option>100</option>
						<option>200</option>
						<option>300</option>
						<option>500</option>
						<option>750</option>
						<option>1000</option>
						<option>1050</option>
						<option>1100</option>
						<option>1200</option>
						<option>1500</option>
						<option>2000</option>
						<option>5000</option>
						<option>10000</option>
						<option>100000</option>
						</optgroup>
					</select>
					<br />
				
					</div>
					
				<label for="def_comenabled">Comments active</label>
					<select name="def_comenabled">
						<optgroup label="Selected:">
							<option selected="selected" value="'.$def_comenabled['v1'].'">'.$def_comenabled_display.'</option>
						</optgroup>
						<optgroup label="Active:">
							<option value="1">Yes</option>
							<option value="0">No</option>
						</optgroup>
					</select>
					<br />
				<label for="def_comorder">Reverse comments</label>
					<select name="def_comorder">
						<optgroup label="Selected:">
							<option selected="selected" value="'.$def_comorder['v1'].'">'.$def_comorder_display.'</option>
						</optgroup>
						<optgroup label="Choose an order:">
						<option value="asc">Ascending</option>
						<option value="desc">Descending</option>
						</optgroup>
					</select>
					<br />
				<div class="alignr">
					<input type="submit" id="submit" value="Save" />
				</div>
			</form>
		</div>
		';
	} elseif ($do == "rss") { //if rss
		$globalvars['page_name'] = 'rss options';
		$globalvars['page_image'] = 'preferences'; //set preferences image
			if ($_GET['action'] == "update") {
				change_config('def_rsslimit',$_POST['def_rsslimit']);
				change_config('def_rssorder',$_POST['def_rssorder']);
				change_config('def_rsstitle',$_POST['def_rsstitle']);
				change_config('def_rssdesc',$_POST['def_rssdesc']);
				change_config('def_rssenabled',$_POST['def_rssenabled']);
				
				$error_message = '<div class="warning">Your preferences have been saved.</div>';
			}
		
		//generate gconfig values
		$def_rsslimit = load_config('def_rsslimit');
		$def_rssorder = load_config('def_rssorder');
		$def_rssenabled = load_config('def_rssenabled');
		$def_rsstitle = load_config('def_rsstitle');
		$def_rssdesc = load_config('def_rssdesc');
		
		if ($def_rssorder['v1'] == "desc") {
				$def_rssorder_display = "Descending";
			} elseif ($def_rssorder['v1'] == "asc") {
				$def_rssorder_display = "Ascending";
			}
			
		if ($def_rssenabled['v1'] == 0) {
				$def_rssenabled_display = "No";
			} elseif ($def_rssenabled['v1'] == 1) {
				$def_rssenabled_display = "Yes";
			}
		
		$content = '
			'.$error_message.'
		<h3>Display options</h3>
		<div class="form">
			<form action="preferences.php?do=rss&action=update" method="post">
				<div id="columnright">
				<br />
				<label for="def_rsslimit">Item limit</label>
					<select name="def_rsslimit">
						<optgroup label="Selected:">
						<option selected="selected" value="'.$def_rsslimit['v3'].'">'.$def_rsslimit['v3'].'</option>
						</optgroup>
						<optgroup label="Choose a limit:">
						<option>1</option>
						<option>2</option>
						<option>3</option>
						<option>5</option>
						<option>7</option>
						<option>10</option>
						<option>15</option>
						<option>20</option>
						<option>25</option>
						<option>30</option>
						<option>50</option>
						<option>75</option>
						<option>100</option>
						<option>150</option>
						<option>200</option>
						<option>500</option>
						<option>1000</option>
						<option>10000</option>
						<option>100000</option>
						</optgroup>
					</select>
					<br />
					
					<label for="def_rssorder">Reverse RSS</label>
					<select name="def_rssorder">
						<optgroup label="Selected:">
							<option selected="selected" value="'.$def_rssorder['v1'].'">'.$def_rssorder_display.'</option>
						</optgroup>
						<optgroup label="Choose an order:">
						<option value="asc">Ascending</option>
						<option value="desc">Descending</option>
						</optgroup>
					</select>
					<br />
				
					</div>
					
				<label for="def_rssenabled">RSS online</label>
					<select name="def_rssenabled">
						<optgroup label="Selected:">
							<option selected="selected" value="'.$def_rssenabled['v1'].'">'.$def_rssenabled_display.'</option>
						</optgroup>
						<optgroup label="Active:">
							<option value="1">Yes</option>
							<option value="0">No</option>
						</optgroup>
					</select>
					<br />
				<label for="def_rsstitle">RSS title</label>
					<input type="text" name="def_rsstitle" value="'.$def_rsstitle['v3'].'" style="width: 135px" />
					<br />
				<label for="def_rssdesc">RSS description</label>
					<input type="text" name="def_rssdesc" value="'.$def_rssdesc['v3'].'" style="width: 50px" />
					<br />
				<div class="alignr">
					<input type="submit" id="submit" value="Save" />
				</div>
			</form>
		</div>
		';
	} elseif ($do == "templates") {
		//define page name & default image
		$globalvars['page_name'] = 'templates';
		$globalvars['page_image'] = 'preferences'; //set preferences image
		$action = $_GET['action'];
		
			if ($action == "switch") {  //switch default template
				$sw_id = $_POST['select'];
				
				if (switch_template($sw_id)) {
					$message = '<div class="warning">The template you selected is now the default template.</div>';
				} else {
					$message = '<div class="warning">There was an error switching the template.</div>';
				}
				unset($action);
			}
		
		if (!$action) {
			//we're going to fetch all the available templates.
			$tres = general_query('SELECT * FROM '.$databaseinfo['prefix'].'templates'); //execute tsql
			$row_bg = '#ffffff'; //set original row color
				while ($trow = mysql_fetch_assoc($tres)) { //get arrays
					$row_bg = ($row_bg == '#ffffff') ? '#F5F5F5' : '#ffffff'; //switch row colors
					$trow['timestamp'] = date($globalvars['time_format'],$trow['timestamp']);
						if ($trow['template_selected'] == TRUE) { //set the radio button to checked if it's currently selected
							$trow['template_selected'] = 'checked="checked"';
						}
					$template_rows .= '
					<tr bgcolor="'.$row_bg.'">
						<td><strong><a href="preferences.php?do=templates&action=edit&tid='.$trow['id'].'">'.$trow['template_name'].'</a></strong></td>
						<td>'.$trow['template_desc'].'</td>
						<td>'.$trow['template_author'].'</td>
						<td>'.$trow['timestamp'].'</td>
						<td><input type="radio" name="select" value="'.$trow['id'].'" '.$trow['template_selected'].' /></td>
					</tr>';
				}
			
			$content = '
			'.$message.'
			<h3>Options</h3>
			<ul>
				<li><a href="preferences.php?do=templates&action=new">create new template</a></li>
			</ul>
			<h3>Template list</h3>
			<form action="preferences.php?do=templates&action=switch" method="post">
				<table style="text-align: left; width: 100%;" border="1"
					 cellpadding="3" cellspacing="2">
					  <tbody>
					    <tr class="toprow">
					      <td style="text-align: left;"><strong>Name</strong></td>
					      <td><strong>Description</strong></td>
					      <td style=""><strong>Author</strong></td>
					      <td><strong>Date</strong></td>
					      <td style="width: 10px"><strong>Active</strong></td>
					    </tr>
					    '.$template_rows.'
				</table>
				<div class="alignr">
					<input type="submit" id="submit" value="Switch template" />
				</div>
			</form>
			';
		} elseif ($action == "new") {
		
			$content = template_form();
			
		} elseif ($action == "newp") { //create new template process
			$data = $_POST;
			$continue = TRUE; //set continue var
				if ($data['template_name'] == "") {
					$continue = FALSE;
					$error_message = '<div class="warning">You must enter a title for this template before continuing.</div>';
				}
			
			if ($continue == TRUE) {
				$globalvars['page_name'] = "template success";
				$globalvars['page_image'] = "success";
				//give $data post vars
				$res = new_template($data,$_SESSION['username']);
			} else {
				$globalvars['page_name'] == 'templates';
				$globalvars['page_image'] == 'error';
				
				$content = template_form();
			}
		} elseif ($action == "edit") { //if editing a template
			$tid = $_GET['tid'];
			$tres = general_query('SELECT * FROM '.$databaseinfo['prefix'].'templates WHERE id='.$tid.'',1); //execute tsql
			$content = template_form($tres);
		} elseif ($action == "editp") {
			$data = $_POST;
			$continue = TRUE; //set continue var
				if ($data['template_name'] == NULL) {
					$continue = FALSE;
					$error_message = '<div class="warning">You must enter a title for this template before continuing.</div>';
				}
			
			if ($continue == TRUE) {
				$globalvars['page_name'] = "edit success";
				$globalvars['page_image'] = "success";
				//give $data post vars
				$res = edit_template($data,$_SESSION['username']);
			} else {
				$globalvars['page_name'] == 'templates';
				$globalvars['page_image'] == 'error';
				
				$content = template_form($data);
			}
		}
	} elseif ($do == "sef") { //search engine friendly urls page
		$globalvars['page_name'] = 'search engine friendly urls';
		$globalvars['page_image'] = "preferences";
		$content = '
		<p>We plan to make this feature automated in the future, however, in the alpha releases, you will need to do this manually. Follow the steps below:</p>
		<ol>
			<li><strong>Make sure the apache module \'mod_rewrite\' is installed and active on your server.</strong></li>
			<li>Next, you need to create a file named \'<strong>.htaccess</strong>\' (without the single quotes, and with the period included with no spaces at the beginning). Put the following inside the file:<br />
				<textarea class="code"># .htaccess file for SEF URLs
# SEF URL .htaccess file. PLACE THIS FILE WHEREVER YOUR NEWS IS BEING INCLUDED.

	<IfModule mod_rewrite.c> 
		RewriteEngine on
		RewriteCond %{SCRIPT_FILENAME} !-d
		RewriteCond %{SCRIPT_FILENAME} !-f
		RewriteRule ^(.*)$ index.php?$1 [QSA]
	</IfModule></textarea>
			</li>
			<li>Place this \'.htaccess\' file wherever your news is being displayed on your website. This is usually the root of your website, \'/\'. <em>Do not place the \'.htaccess\' file in the phpns directory.</em></li>
		</ol>
		<p>Phpns will automatically detect the .htaccess file, and will take it from there. You should notice a substantial change in the URLs on your phpns implimentation. If you do not, join the IRC and we\'ll help you out.</p>
		<p>We intent to make this easier to accomplish in the future.</p>
		';
	} elseif ($do == "ban") { //if ban page
		$globalvars['page_name'] = "ban options";
		$globalvars['page_image'] = "preferences";
		
		if ($_GET['action'] == 'newp') { //if the action is new process
			$data = $_POST; //assign post to $data
			clean_data($data['reason']); //clean
			
			//if ip is empty or in an incorrect form, display error
			if (!$data['ip'] || !preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $data['ip'])) {
				$error_message = '<div class="warning">Please make sure the IP address is in correct form, or is not blank.</div>';
			} else {
				ban($data,$_SESSION['username']); //ban.
			}
		} elseif ($_GET['action'] == "delete") { //if we're deleting banned ip addresses
			$items = $_POST; //get vars
			foreach($items as $key=>$value) { //create list of ids to be deleted
				$items_f = $items_f."'$value',";
			}
			$items_f = substr_replace($items_f,"",-1); //remove last comma in list for SQL
			$res = general_query('DELETE FROM '.$databaseinfo['prefix'].'banlist WHERE id IN ('.$items_f.')'); //delete query

		}

			//fetch banned ips
			$bres = general_query('SELECT * FROM '.$databaseinfo['prefix'].'banlist'); //fetch query
			while ($brow = mysql_fetch_assoc($bres)) { //get arrays
					$row_bg = ($row_bg == '#ffffff') ? '#F5F5F5' : '#ffffff'; //switch row colors
					$brow['timestamp'] = date($globalvars['time_format'],$brow['timestamp']);
					$ip_rows .= '
					<tr bgcolor="'.$row_bg.'">
						<td><strong><a href="http://'.$brow['ip'].'">'.$brow['ip'].'</a></strong></td>
						<td>'.$brow['reason'].'</td>
						<td>'.$brow['banned_by'].'</td>
						<td>'.$brow['timestamp'].'</td>
						<td><input type="checkbox" value="'.$brow['id'].'" name="'.$brow['id'].'" /></td>
					</tr>';
				}
		$content = '
		'.$error_message.'
		<h3>Ban an IP</h3>
			<form action="?do=ban&action=newp" method="post" class="form">
				<label for="ip">IP address:</label> <input class="extended" type="text" name="ip" />	<input type="submit" id="submit" value="Ban this IP" /><br />
				<label for="reason">Reason for ban*:</label> <input type="text" class="extended" name="reason" />
			</form>
		<h3>Ban list</h3>
			<form action="preferences.php?do=ban&action=delete" method="post">
				<table style="text-align: left; width: 100%;" border="1"
					 cellpadding="3" cellspacing="2">
					  <tbody>
					    <tr class="toprow">
					      <td style="text-align: left;"><strong>IP</strong></td>
					      <td><strong>Reason for ban</strong></td>
					      <td style=""><strong>Banned by</strong></td>
					      <td><strong>Date</strong></td>
					      <td style="width: 10px; text-align: center;"><strong><input type="checkbox" onClick="Checkall(this.form);" /></strong></td>
					    </tr>
					    '.$ip_rows.'
				</table>
				<div class="alignr">
					<input type="submit" id="submit" value="Lift selected bans" />
				</div>
			</form>
			';
		
	} elseif ($do == "wizard") {
		$globalvars['page_name'] = "integration wizard";
		$globalvars['page_image'] = "preferences";
		
		$data['cat_list'] = gen_categories('option','');
		//integration wizard form
		$content = '
		<h3>Display configuration</h3>
		<div class="form">
			<form action="?do=wizard&action=p" method="post">
				
				<label for="category">Category</label>
					<select name="category" class="searchelements" id="category">
						<option value="0">All categories</option>
						<optgroup label="Categories">
							'.$data['cat_list'].'
						</optgroup>
					</select>
					<br />
					<label for="display_limit">Display limit</label>
					<input type="text" name="display_limit" value="" /> (Numeric, 1 - 9999) <br />
					<br />
			<div class="alignr">
				<input type="submit" id="submit" value="Generate code" />
			</div>
			</form>
		</div>
		';
	
	} elseif ($do == "plugins") {
		$globalvars['page_name'] = "plugins";
		$globalvars['page_image'] = "preferences";
	
	
	} elseif ($do == "backup") {
		$globalvars['page_name'] = "database backup";
		$globalvars['page_image'] = "preferences";
		
		if ($_GET['action'] == "backup") {
			
			//mysqldump -u alecwh --password=alecwh phpns2 > database.sql
			exec('mysqldump -u '.$databaseinfo['user'].' --password='.$databaseinfo['password'].' '.$databaseinfo['dbname'].' > '.$databaseinfo['dbname'].'.sql');
			
				//define filepaths and determine future gz file
				$file = $databaseinfo['dbname'].'.sql'; //the current dump
				// $file = file_get_contents($file);
  				/*
  					COMPRESSION FOR FILE, COMMENTED OUT UNTIL WE CAN SOLIDIFY THE PROCESS.
	  				//encode and write to file process
	  				$data = implode("", file($file));
					$gzdata = gzuncompress($data, 9); //encrypt to .gz, most compression possible (9)
					$fp = fopen($gz_file_to_produce, "w"); //open to write
					fwrite($fp, $gzdata); //write
					fclose($fp); //close
					
					> <meta http-equiv="content-type","application/download">
> <meta http-equiv="content-type","application/force-download">
> <meta http-equiv="content-type","application/octet-stream">
> <meta http-equiv="content-disposition","attachment; filename=list.txt">[/color]
				*/
				$size = filesize($databaseinfo['dbname'].'.sql'); //get size
					//redirect to etc for actual header info
					header("Location: etc.php?do=backup&size=".$size."");
					
		} elseif ($_GET['action'] == "restore") { //if we're restoring the data
			//action for uploaded file, for db restore
			$target_path = basename($_FILES['file']['name']); 
			if (move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) {
				//the file has been uploaded, now we deal wtih manipulation.
				//de-gz the file
				//THIS WAS THE PROBLEM with .gz compression, the decompression was not widely supported. Maybe support in the future, but for now, we're not dealing with it.
				//execute and dump data
				exec('mysql -u '.$databaseinfo['user'].' --password='.$databaseinfo['password'].' '.$databaseinfo['dbname'].' < '.$target_path.'');
			} else {
				$error_message .= '<div class="warning">There was an error uploading the file.</div>';
			}
		}
		
		$content .= '
		<h3>Create backup</h3>
		<p>Once you click the button below, phpns will create a backup of the whole phpns database, and then compress to .sql.gz where available.</p>
		<div id="button_container">
			<button class="backup" OnClick="window.location = \'?do=backup&action=backup\';"><strong>Click here to backup the phpns database</strong></button>
		</div>
		
		<h3>Restore backup</h3>
		<p>Please browse to the backup file earlier created.</p>
		<form enctype="multipart/form-data" action="?do=backup&action=restore" method="post" onsubmit="return confirm(\'Are you sure you want to restore this backup?\n\nThis will erase your database schema, and delete any articles/categories/users/settings that are not included in the backup.\');" >
			<label for="file">Select .sql file</label> <input name="file" type="file" /><br />
			<div class="alignr">
				<input type="submit" value="Restore backup" id="submit" />
			</div>
		</form>
		
		';
	
	
	} elseif ($do == "images") {
		$globalvars['page_name'] = "image uploads and settings";
		$globalvars['page_image'] = "preferences";
	
	
	} elseif ($do == "themes") { //if themes
		//define page name & default image
		$globalvars['page_name'] = 'themes';
		$globalvars['page_image'] = 'preferences'; //set preferences image
		$action = $_GET['action'];
		$path = $_POST['path'];
			if ($action == "switch" && $path != "") {  //if theme switch is underway....
				
				$theme_path = 'themes/'.$path.'/';  //construct filepath
				$themeinfo = simplexml_load_file('themes/'.$path.'/theme.xml');
				$timestamp = time();
				
				//first, we're going to delete previous theme selection(s). There should only ever be one.
				$sql_del = "DELETE FROM themes";
				$sql_del = mysql_query($sql_del) or die (mysql_error());
				
				$sql = "INSERT INTO themes 
				(theme_name,theme_author,theme_dir,base_dir,timestamp,theme_selected) VALUES (
				 '".$themeinfo->name."',
				 '".$themeinfo->author."',
				 '".$theme_path."',
				 '".$path."',
				 '".$timestamp."',
				 1)
				 "; //form query
				$res = mysql_query($sql) or die (mysql_error());
				
				$content = '<div class="warning">The theme has been saved.</div>';
			}
		
		$scanlisting = scandir("themes/");
		$dirlisting = array();
		foreach($scanlisting as $key => $value) {
			if (is_dir("themes/$value") == true && $value != '.' && $value != '..') {
				$dirlisting[] = $value;
			}
		}
		$themelist = '
		<form action="preferences.php?do=themes&action=switch" method="post">
			<table style="text-align: left; width: 100%;" border="1"
				 cellpadding="3" cellspacing="2">
				  <tbody>
				    <tr class="toprow">
				      <td style="width: 150px"><strong>Preview</strong></td>
				      <td style="width: 150px; text-align: left;"><strong>Name</strong></td>
				      <td style="width: 150px;"><strong>Author</strong></td>
				      <td><strong>Description</strong></td>
				      <td style="width: 10px"><strong>Active</strong></td>
				    </tr>';	
		foreach($dirlisting as $key => $value) {
			if (is_file("themes/$value/theme.xml")) {
				$themeinfo = simplexml_load_file('themes/'.$value.'/theme.xml');
				
				//sql to fetch current theme, so we can have the theme selected
				$sql = "SELECT * FROM themes WHERE theme_selected=1";
				$res = mysql_query($sql) or die(mysql_error());
				$stheme = mysql_fetch_array($res);
				
				//radio button. selected or not?
				
				if ("$themeinfo->name" == $stheme['theme_name']) {
					$radio = '<td><input type="radio" id="path" name="path" value="'.$value.'" checked="checked" /></td>';
				} else {
					$radio = '<td><input type="radio" id="path" name="path" value="'.$value.'" /></td>';
				}
				
				
				$themelist = $themelist.'    
				<tr>
				  <td><img src="themes/'.$value.'/preview.png" alt="preview" /></td>
				  <td><strong>'."$themeinfo->name".'</strong></td>
				  <td><a href="'."$themeinfo->website".'"> '."$themeinfo->author".' </a></td>
				  <td>'."$themeinfo->description".'</td>
				  '.$radio.'
				</tr>
				';
			}
		}
		$themelist = $themelist.'
		   </tbody>
		</table>
		<div class="alignr">
			<input type="submit" id="submit" value="Save" />
		</div>
	</form>';
		
		//compile content for themes
		$content .= 
		'<h3>Detected themes (in the /themes directory)</h3>
		'.$themelist.'
		';
	} elseif ($do == "wysiwyg") {
		$globalvars['page_name'] = "wysiwyg options";
		$globalvars['page_image'] = "preferences";
	
	} elseif ($do == "globalmessage") {
		$globalvars['page_name'] = "global message";
		$globalvars['page_image'] = "preferences";
		
			if ($_GET['action'] == "update") {
				change_config('global_message',$_POST['message']);
				$error_message = '<div class="warning">Your message have been saved.</div>';
			}
		$global_message = load_config('global_message');
		
		$content = $error_message.'
		<h3>global message</h3>
		<div class="form">
			<form action="preferences.php?do=globalmessage&action=update" method="post">
				<label for="message">Message<br /><a href="javascript:togglewysiwyg(\'message\');">wysiwyg on/off</a><br /><a href="javascript:expandwysiwyg(\'message\');">expand editor</a></label><textarea name="message" id="message">'.$global_message['v3'].'</textarea>
				<br />*If you do not want any message, leave the above field blank.
				<div class="alignr">
					<input type="submit" id="submit" value="Save" />
				</div>
				
			</form>
		</div>
		';
	}
include("inc/themecontrol.php");  //include theme script
?>
